Businesses, government organisations, communities and societies enter 2023 facing severe economic headwinds, conflict and rising geopolitical tensions, growing social polarisation, and technology-enabled changes to the way people work, consume and socialise. This turbulence provides rich opportunities for attackers to exploit weaknesses in critical infrastructure, in corporate and government networks, and in systems holding personally identifiable information (PII), account passwords and other sensitive data. Illicit access to systems and data enables these groups or individuals to disrupt water, power or other utilities; purloin intellectual property; empty bank accounts; steal personal identities; or conduct a range of other hostile activities.
At TeamT5, we anticipate the following developments this year:
The continued rise of state-sponsored APT groups
The Asia-Pacific region is experiencing increasing turbulence due largely to rising tensions between the United States and China. This friction means state-sponsored Advanced Persistent Threat (APT) groups present a potent threat to stability in the APAC region. Unlike cybercriminals who are typically incentivised by personal gain, state-sponsored APT groups are politically motivated and target intelligence that serves the interests of the governments or authorities that direct them.
We are aware of a number of these groups operating in the Asia-Pacific, including one connected to the Chinese government that targets a range of sectors including telecommunications, pharmaceuticals and aviation, and another acting against government and military agencies across the Asia-Pacific.
We expect to see these groups step up their activity as several important events, including the G7 Summit, take place this year. Our research team believes APT groups plan to launch more sophisticated attacks against Asia-Pacific countries. Apart from exploiting new and legacy vulnerabilities, APT groups have also started to abuse legitimate cloud services (Dropbox, Google Drive) or third-party services to deploy malware.
The impact of these activities may be severe as businesses and government organisations remain reliant on cloud services to help execute remote- and hybrid-working strategies. While these strategies continue to improve productivity and employee satisfaction, a heightened focus from APT groups exacerbates the threats posed by practices such as the use of unsecured personal devices or poorly protected networks.
Escalating software supply chain attacks
APT groups are also poised to step up efforts to infiltrate the code of third-party products and services that access corporate or government networks. These software supply chain attacks are particularly insidious as they target trusted products, minimising the prospect of being detected and responded to by anti-malware products.
These attacks hit the spotlight in late 2020 when malicious parties, most likely a state-based APT group, breached SolarWinds’ Orion, a product used by large organisations and governments to manage their IT resources. Through compromised updates, the attackers were able to insert malware into the systems of clients including the United States Department of Homeland Security, Treasury and private companies such as Microsoft.
Due to the high risk and potentially severe consequences of such attacks, we also expect to see businesses, governments, vendors and security software providers escalate measures to detect and prevent these attacks. This may include more stringent requirements of third-party providers to limit the risk of infiltration before allowing their products and services to access sensitive corporate systems and data.
Fill security gaps with cyber threat intelligence
To minimise the threat presented by APT groups and cyberattackers in 2023 and beyond, businesses and government organisations need to acknowledge a difficult reality: the cyber threat landscape is becoming more complex and threat actors are evolving rapidly.
In the past, traditional cyber defence mechanisms like antivirus software and firewalls might have been enough to protect sensitive data and systems. Now, however, businesses and organisations have to develop, execute and constantly update a comprehensive strategy to defend against sophisticated attacks.
Cyber threat intelligence must inform and drive this strategy. Intelligence about threat actors and potential attacks can help businesses and government organisations better understand potential threats, and help them allocate resources to establish effective cyber defences.
To obtain the insights needed to combat sophisticated cyberattackers, businesses and government organisations should consider solutions such as the ThreatVision threat intelligence platform. ThreatVision provides a portal that enables clients to stay on top of the threat landscape, defend against APT attacks and understand the tactics, techniques and procedures of adversaries.